# GPG

This module sets some defaults for GPG, mainly to let your gpg-agent handle SSH keys.

View the [*synix* Home Manager module on Forgejo](https://git.sid.ovh/sid/synix/tree/master/modules/home/gpg).

## SSH Setup

### GPG

You need a GPG authentication subkey. Follow the steps below to create one. If you already have a GPG key, skip to step 2.

#### 1. Generate a new GPG key

```sh
gpg --full-gen-key --allow-freeform-uid
```

1. Select `1` as the type of key.
1. Select `4096` for the keysize.
1. Select `0` to choose 'Never expire'.
1. Enter your name, email address, and a comment (if you want). Select `0` for 'Okay'.

#### 2. Create an authentication subkey

```sh
gpg --expert --edit-key KEY-ID
```

1. At the new `gpg>` prompt, enter: `addkey`
1. When prompted, enter your passphrase.
1. When asked for the type of key you want, select: `(8) RSA (set your own capabilities)`.
1. Enter `S` to toggle the ‘Sign’ action off.
1. Enter `E` to toggle the ‘Encrypt’ action off.
1. Enter `A` to toggle the ‘Authenticate’ action on. The output should now include `Current allowed actions: Authenticate`, with nothing else on that line.
1. Enter `Q` to continue.
1. When asked for a keysize, choose `4096`.
1. Select `0` to choose 'Never expire'.
1. Once the key is created, enter `quit` to leave the gpg prompt, and `y` at the prompt to save changes.

### HM config

```nix
imports = [
  inputs.synix.homeModules.gpg
];

services.gpg-agent.sshKeys = [ "YOUR_AUTH_SUBKEY_KEYGRIP" ];
```

> Get the keygrip of your authentication subkey with: `gpg -K --with-keygrip`

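
The note above reads the keygrip off `gpg -K --with-keygrip` by eye; as an added example (not part of the synix module), this script picks the authentication subkey's keygrip out of gpg's colon-delimited listing and prints the matching `sshKeys` line. The function names `auth_keygrips` and `nix_ssh_keys`, the keygrips and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the synix module.

# Reads `gpg -K --with-colons --with-keygrip` output on stdin and prints the
# keygrip of each key or subkey that can authenticate and is not revoked/expired.
auth_keygrips() {
    awk -F: '
        # sec = primary secret key, ssb = secret subkey. Field 2 is validity
        # (r = revoked, e = expired). Field 12 lists capabilities; lowercase
        # letters belong to this key itself, uppercase ones summarise the set.
        $1 == "sec" || $1 == "ssb" {
            want = ($12 ~ /a/ && $2 != "r" && $2 != "e")
            next
        }
        # The grp record following a key carries its keygrip in field 10.
        $1 == "grp" { if (want) print $10; want = 0 }
    '
}

# Formats keygrips from stdin as the Home Manager option shown on this page.
nix_ssh_keys() {
    awk 'BEGIN { printf "services.gpg-agent.sshKeys = [" }
         { printf " \"%s\"", $0 }
         END { print " ];" }'
}

# Constructed keygrips and listing (no real key material; trailing fields trimmed):
# primary key, encryption subkey, revoked auth subkey, valid auth subkey.
GRIP_PRIMARY=1111111111111111111111111111111111111111
GRIP_ENCRYPT=2222222222222222222222222222222222222222
GRIP_REVOKED=3333333333333333333333333333333333333333
GRIP_AUTH=4444444444444444444444444444444444444444
SAMPLE="sec:u:4096:1:AAAAAAAAAAAAAAA1:1700000000:::u:::scESCA:
fpr:::::::::AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA1:
grp:::::::::${GRIP_PRIMARY}:
uid:u::::1700000000::::Example User <user@example.org>:
ssb:u:4096:1:AAAAAAAAAAAAAAA2:1700000000::::::e:
grp:::::::::${GRIP_ENCRYPT}:
ssb:r:4096:1:AAAAAAAAAAAAAAA3:1700000100::::::a:
grp:::::::::${GRIP_REVOKED}:
ssb:u:4096:1:AAAAAAAAAAAAAAA4:1700000200::::::a:
grp:::::::::${GRIP_AUTH}:"

# Against a real keyring: gpg -K --with-colons --with-keygrip | auth_keygrips
printf '%s\n' "$SAMPLE" | auth_keygrips | nix_ssh_keys
```

If the function prints more than one keygrip, several keys carry the authenticate capability, and each one listed in `sshKeys` will be offered by the agent for SSH.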